Schloss Lautrach - Homepage

Privacy

1. Introduction

With the following information, we would like to provide you with an overview of how we process your personal data and your rights under data protection laws. The processing of personal data—for example, your name, address or email address—is always carried out in accordance with the General Data Protection Regulation (GDPR). Through this privacy policy, we aim to inform you about the extent and purpose of the personal data we collect, use and process.

2. Controller

The controller in terms of the GDPR is:

MCSL - Managementcentrum Schloss Lautrach Betriebs GmbH

Represented by: Stefan Schmid, Dominik Schmid

Schloßstraße 1

87763 Lautrach

DE

Telephone: +49 8394 910 412

Email: hotel@schloss-lautrach.de

3. Data Protection Officer

You can reach the Data Protection Officer as follows:

fly-tech GmbH

Winterbruckenweg 58

86316 Friedberg

Email: beratung@fly-tech.de

Tel.: 0821 207 111 17

You can contact our Data Protection Officer at any time with any questions or suggestions regarding data protection.

4. Definitions

This privacy policy is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance. In this privacy policy, we use, amongst others, the following terms:

• Personal data:

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Data subject:

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing (our company).

• Processing:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• Restriction of processing:

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

• Profiling:

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

• Pseudonymisation:

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

• Processor:

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

• Recipient:

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

• Third party:

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

• Consent:

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal Basis for Processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG, formerly TTDSG) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are a party—such as processing operations required for the delivery of goods or the provision of any other service—processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data is required, such as for fulfilling tax obligations, processing is based on Article 6(1)(c) GDPR. In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third parties. Then the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the above legal grounds, if processing is necessary for the legitimate interests of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

6. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data if:

• You have given your express consent pursuant to Article 6(1)(a) GDPR,

• The disclosure is permissible under Article 6(1)(f) GDPR to safeguard legitimate interests and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed,

• There is a legal obligation to disclose under Article 6(1)(c) GDPR, or

• The disclosure is necessary under Article 6(1)(b) GDPR for the processing of contractual relationships with you.

For data transfers to third countries (outside the EU/EEA), we enter into contracts based on the European Commission’s standard contractual clauses. Should this not be sufficient to ensure an adequate level of protection, your consent pursuant to Article 49(1)(a) GDPR may serve as the basis. If there is an adequacy decision by the EU Commission pursuant to Article 45 GDPR, a transfer is also permitted without further measures. For transfers to the USA, we ensure that service providers are certified under the EU-US Data Privacy Framework, thus ensuring an adequate level of data protection.

7. Technology

7.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact enquiries sent to us as the site operator. An encrypted connection is indicated by the browser’s address line changing from "http://" to "https://" and by the padlock symbol in your browser line. We use this technology to protect the data you transmit to us.

7.2 Data Collection When Visiting the Website

When you use our website for purely informational purposes—if you do not register or otherwise transmit information to us or do not consent to processing that requires consent—we only collect data that is technically necessary for providing the service. These are usually data transmitted by your browser to our server (so-called "server log files"). Each time you or an automated system accesses a page on our website, a range of general data and information is collected and stored in the server’s log files. This may include:

• Browser types and versions used

• The operating system used by the accessing system

• The website from which an accessing system reaches our website (so-called referrer)

• The sub-pages accessed on our website

• Date and time of access to the website

• An Internet Protocol address (IP address)

• The Internet service provider of the accessing system

We do not draw conclusions about your person from this data.

This information is needed to:

• Deliver the contents of our website correctly

• Optimise the contents of our website and the advertising for it

• Ensure the permanent functionality of our IT systems and the technology of our website

• Provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack

The data and information collected are therefore evaluated statistically and with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The server log file data is stored separately from all personal data provided by a data subject. The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes for data collection listed above.

7.3 Encrypted Payment Transactions

If, after concluding a contract with costs, you are obliged to transmit your payment data (e.g. account number for direct debit authorisation), this data is required for payment processing. Payment transactions using the usual means of payment (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the browser address line switching from "http://" to "https://" and by the padlock symbol in your browser line. We use this technology to protect your transmitted data.

7.4 Akamai (Content Delivery Network)

To speed up our website, we use the content delivery network (CDN) of Akamai Technologies Inc., 150 Broadway, Cambridge, MA 02142, USA (“Akamai”). A CDN is a service that helps deliver content from our online offering, especially large media files such as graphics or scripts, more quickly using regionally distributed and Internet-connected servers. The processing of your data is solely for the above purposes and for maintaining the security and functionality of the CDN. For each data processing event, Akamai transfers personal data from log files (e.g. IP addresses) to the USA, as certain servers for processing log files are located only in the USA. Akamai has therefore committed itself to complying with European data protection standards and regulations. Akamai stores data for up to 24 hours in order to deliver content more quickly when you visit our website. Akamai cookies are classified as necessary cookies. We process your data for the purpose of speeding up our website based on our legitimate interests pursuant to Article 6(1)(f) GDPR. Our legitimate interest lies in the fast provision of our website. This US-based company is certified under the EU-US Data Privacy Framework. There is therefore an adequacy decision pursuant to Article 45 GDPR, so that transfers of personal data can take place without further guarantees or additional measures. Further information on Akamai’s privacy policy can be found at: https://www.akamai.com/de/de/privacy-policies/.

7.5 Cloudflare (Content Delivery Network)

Our website uses features of CloudFlare. The provider is CloudFlare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via the CloudFlare network. CloudFlare is thus able to analyse traffic between users and our websites, for example, to detect and fend off attacks on our services. CloudFlare may also store cookies on your device for optimisation and analysis purposes. You can configure your browser to be informed about the setting of cookies and only allow cookies in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website. We have concluded a data processing agreement with Cloudflare based on the GDPR and the EU Standard Contractual Clauses. Cloudflare collects statistical data about visits to this website. Access data includes: name of the accessed website, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, operating system of the user, referrer URL (the previously visited page), IP address and the requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of the offering. If you have consented to the use of Cloudflare, the legal basis for processing personal data is Article 6(1)(a) GDPR. In addition, we have a legitimate interest in using Cloudflare to optimise and secure our online offering. The corresponding legal basis for this is Article 6(1)(f) GDPR. Personal data is retained as long as necessary to fulfil the processing purpose. The data is deleted as soon as it is no longer required for the intended purpose. 
This US-based company is certified under the EU-US Data Privacy Framework. There is therefore an adequacy decision pursuant to Article 45 GDPR, so that transfers of personal data can take place without further guarantees or additional measures. Further information on CloudFlare can be found at: https://www.cloudflare.com/privacypolicy/.

8. Cookies

8.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information that arises in connection with the specific device used. However, this does not mean that we become immediately aware of your identity. We use cookies to make our services more pleasant for you to use. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after you leave our site. We also use temporary cookies to optimise user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it is automatically recognised that you have already been here and what entries and settings you have made, so that you do not have to enter them again. We also use cookies to statistically record and evaluate the use of our website for optimisation purposes. These cookies allow us to recognise automatically on a subsequent visit that you have already visited our website. The cookies set in this way are automatically deleted after a defined period. The duration of storage of the cookies can be found in the settings of the consent tool used.

8.2 Legal Basis for the Use of Cookies

The data processed by cookies, necessary for the proper functioning of the website, are required to protect our legitimate interests as well as those of third parties pursuant to Article 6(1)(f) GDPR. For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) GDPR.

8.3 Cookiebot (Consent Management Tool)

We use the consent management tool "Cookiebot" provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. This service enables us to obtain and manage the consent of website visitors regarding data processing. Cookiebot collects data generated by end users who use our website.

When an end user gives consent via the cookie consent tool, Cookiebot automatically logs the following data:

• The end user’s IP address in anonymised form (the last three digits are set to 0)

• Date and time of consent

• Browser user agent of the end user

• The URL from which the consent was sent

• An anonymous, random and encrypted key

• The consent status of the end user, which serves as proof of consent

The key and consent status are also stored in the end user’s browser in the "CookieConsent" cookie, so that the website can automatically read and comply with the user’s consent during all subsequent page requests and future end user sessions for up to 12 months. The key is used to document consent and for an option to check whether the stored consent status in the end user’s browser is unchanged compared to the original consent sent to Cybot. The website's functionality is not guaranteed without this processing. The "CookieConsent" cookie set by Cookiebot is classified as necessary. Cybot is the recipient of your personal data and acts as a processor for us. For detailed information on the use of Cookiebot, please see: https://www.cookiebot.com/de/privacy-policy/.

8.4 Technically Necessary Cookies

If the use of cookies is necessary for the proper functioning of our website, the processing of personal data is carried out to protect our legitimate interest in operating a functional and user-friendly online presence pursuant to Article 6(1)(f) GDPR. You have the right to object to these processing activities. Most browsers accept cookies automatically. However, you can exercise your right to object at any time by configuring your browser not to store cookies on your computer. Complete deactivation of cookies may mean that you may not be able to use all the functions of our website.

9. Content of Our Website

9.1 Data Processing When Opening a Customer Account and for Contract Execution

Pursuant to Article 6(1)(b) GDPR, personal data is collected and processed when you provide it to us for the purpose of executing a contract or opening a customer account. The data collected can be seen from the respective input forms. You can delete your customer account at any time, for example by sending a message to the controller at the address above. We store and use the data you provide for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or we are legally permitted to use the data in another way, about which we will inform you below if applicable.

9.2 Data Processing for Order Handling

Your payment data will be passed on to the commissioned credit institution as part of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will explicitly inform you below. The legal basis for the transfer of data is Article 6(1)(b) GDPR.

9.3 Contact / Contact Form and Email

When contacting us—whether via contact form or email—personal data is collected. The data collected depends on the chosen communication method and the content of your message. When using the contact form, the data collected can be seen from the input mask; when contacting us by email, the personal data transmitted with the email is stored. The processing and storage of this data is solely for the purpose of processing your enquiry and the associated technical administration. The legal basis is our legitimate interest in responding to your request pursuant to Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Article 6(1)(b) GDPR. Once your enquiry has been fully processed, the collected data will be deleted, provided there are no statutory retention obligations.

10. Newsletter Dispatch

10.1 Newsletter for Existing Customers

If you have provided us with your email address when purchasing services (e.g. booking a hotel room), we reserve the right to regularly send you offers for similar services from our range by email. According to Section 7(3) UWG, we do not need separate consent from you for this. Data processing for this purpose is carried out solely on the basis of our legitimate interest in personalised direct advertising pursuant to Article 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. Objection can be made via a link in the newsletter or by email. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

10.2 Promotional Newsletter

On our website, you have the opportunity to subscribe to our company newsletter. The personal data transmitted to us when ordering the newsletter is evident from the input mask used for this purpose.

We regularly inform our customers and business partners by means of a newsletter about our offers. You can only receive our company newsletter if:

• You have a valid email address and

• You have registered for the newsletter dispatch.

A confirmation email will be sent to the email address you first entered for the newsletter dispatch for legal reasons using the double opt-in procedure. This confirmation email is used to check whether you, as the owner of the email address, have authorised receipt of the newsletter. When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the IT system you used at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of your email address at a later date and thus serves our legal protection. The personal data collected as part of a registration for the newsletter will be used exclusively for sending our newsletter. In addition, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter service or registration in this regard, such as in the event of changes to the newsletter offering or changes to technical conditions. There is no transfer of personal data collected as part of the newsletter service to third parties. You can cancel the subscription to our newsletter at any time. The consent to the storage of personal data, which you have given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking consent, there is a corresponding link in each newsletter. You can also unsubscribe from the newsletter on our website or notify us in another way at any time. The legal basis for data processing for the purpose of sending the newsletter is Article 6(1)(a) GDPR.

11. Booking Processes

11.1 Profitroom Booking Engine (formerly Upperbooking)

To provide our online booking function, we use the Profitroom Booking Engine, a service of Profitroom S.A., ul. Taczaka 24, 61-819 Poznań, Poland. The Profitroom Booking Engine allows direct booking of rooms and services via our website. Personal data such as name, contact details, booking details and payment information are processed in this context. The legal basis for processing is Article 6(1)(b) GDPR (contract performance) and, if applicable, Article 6(1)(a) GDPR (consent), in particular when using analysis and marketing features. Profitroom processes the data exclusively on servers within the EU. Data is only passed on to third parties within the framework of legal obligations or for contract fulfilment. Data transmission is encrypted (SSL/TLS). Further information on data processing by Profitroom can be found in their privacy policy.

12. Our Activities in Social Networks

To communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are, according to Article 26 GDPR, jointly responsible with the provider of the respective social media platform for the processing operations triggered thereby. We are not the original provider of these pages, but only use them within the framework of the possibilities offered by the respective providers. We would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use of these networks may therefore entail data protection risks for you, as exercising your rights (e.g. to information, deletion, objection, etc.) could be more difficult, and processing in social networks is often carried out directly for advertising or for analysing user behaviour by the providers, and we have no influence over this. If usage profiles are created by the provider, cookies are often used or usage behaviour is assigned to your own member profile of the social networks. The described processing operations of personal data are carried out according to Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider, in order to communicate with you in a contemporary manner or to inform you about our services. If you have to give consent to data processing as a user with the respective providers, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR. As we have no access to the providers’ data stores, we recommend that you assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is listed below for each provider used by us:

12.1 Facebook

(Joint) Controller for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Facebook) may, unless you object, process content from adult users in the EU, e.g. photos, posts or comments, to train its own AI models. The legal basis is legitimate interest under Article 6(1)(f) GDPR. We as a company have no influence on this specific data processing by Meta. Users can object to this via an online form on the Meta platforms.

Privacy policy (data policy): https://www.facebook.com/about/privacy

12.2 Instagram

(Joint) Controller for data processing in Germany: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Instagram) may, unless you object, process content from adult users in the EU, e.g. photos, posts or comments, to train its own AI models. We as a company have no influence on this specific data processing by Meta. The legal basis is legitimate interest under Article 6(1)(f) GDPR. Users can object to this via an online form on the Meta platforms.

Privacy policy (data policy): https://instagram.com/legal/privacy/

13. Partner and Affiliate Programmes

13.1 DoubleClick

This website contains components of DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data with every impression, as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimise and display advertising. The cookie is used, among other things, to display user-relevant advertising, to compile reports on advertising campaigns or to improve them. It also serves to prevent the same advertisement from being displayed multiple times. DoubleClick uses a cookie ID that is necessary for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which adverts have already been displayed in a browser to avoid duplicate display. DoubleClick can also use the cookie ID to record conversions. A DoubleClick cookie does not contain personal data. However, a DoubleClick cookie can contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact. Each time you access an individual page on our website where a DoubleClick component is integrated, your Internet browser is prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing commissions. In the context of this technical process, Google receives knowledge of data that Google also uses to create commission statements. Among other things, Google can track that you have clicked on certain links on our website. These processing operations are carried out only with your explicit consent pursuant to Article 6(1)(a) GDPR.
The parent company Google LLC is certified under the EU-US Data Privacy Framework. There is therefore an adequacy decision pursuant to Article 45 GDPR, so that transfers of personal data can take place without further guarantees or additional measures. The privacy policy of DoubleClick by Google can be found at: https://www.google.com/intl/de/policies/.

14. Plugins and Other Services

14.1 Google Tag Manager

We use the Google Tag Manager service on this website. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This tool allows "website tags" (i.e. keywords embedded in HTML elements) to be implemented and managed via an interface. Using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and can then record which content on our website is particularly interesting to you. The tool also triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If you have deactivated tracking on the domain or cookie level, this remains in effect for all tracking tags implemented with Google Tag Manager. These processing operations are carried out only with your explicit consent pursuant to Article 6(1)(a) GDPR. The parent company Google LLC is certified under the EU-US Data Privacy Framework. There is therefore an adequacy decision pursuant to Article 45 GDPR, so that transfers of personal data can take place without further guarantees or additional measures. Further information on Google Tag Manager and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

14.2 Google WebFonts

Our website uses so-called web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure the uniform display of fonts. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google’s servers. In this way, Google learns that our website was accessed via your IP address. The use of Google web fonts is in the interest of a uniform and attractive presentation of our website. These processing operations are carried out only with your explicit consent pursuant to Article 6(1)(a) GDPR. The parent company Google LLC is certified under the EU-US Data Privacy Framework. There is therefore an adequacy decision pursuant to Article 45 GDPR, so that transfers of personal data can take place without further guarantees or additional measures. Further information on Google WebFonts and Google’s privacy policy can be found at: https://developers.google.com/fonts/faq; https://www.google.com/policies/privacy/.

14. Your Rights as a Data Subject

• 14.1 Right to Confirmation:

You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed.

• 14.2 Right of Access (Art. 15 GDPR):

You have the right at any time to obtain free information from us about your stored personal data and a copy of this data in accordance with the statutory provisions.

• 14.3 Right to Rectification (Art. 16 GDPR):

You have the right to demand the immediate rectification of incorrect personal data concerning you. You also have the right to have incomplete personal data completed, taking into account the purposes of the processing.

• 14.4 Right to Erasure (Art. 17 GDPR):

You have the right to demand that we erase the personal data concerning you without undue delay, provided that one of the statutory grounds applies and insofar as the processing or storage is not necessary.

• 14.5 Right to Restriction of Processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the statutory conditions is met.

• 14.6 Right to Data Portability (Art. 20 GDPR):

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted to another controller without hindrance from us, provided the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that the rights and freedoms of others are not adversely affected.

• 14.7 Right to Withdraw Consent under Data Protection Law:

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

• 14.8 Right to Lodge a Complaint with a Supervisory Authority:

You have the right to lodge a complaint with a data protection supervisory authority concerning our processing of personal data.

• 14.9 Right to Object (Art. 21 GDPR):

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

• In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

• If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling, to the extent it is related to such direct marketing. After receiving your objection, we will no longer process your personal data for these purposes.

• You can exercise your right to object at any time by contacting the controller or the Data Protection Officer named above. The contact details can be found at the beginning of this privacy policy.

15. Erasure and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or as provided for by the laws or regulations to which our company is subject. If the storage purpose ceases to apply or a prescribed storage period expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

16. Duration of Storage of Personal Data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided it is no longer required for contract performance or initiation.

17. Currency and Amendment of This Privacy Policy

We reserve the right to amend this privacy policy as necessary, for example in the event of legal changes or new website functions. The current version can always be found on this page.